Hi,

On Sat, 22 Nov 2003 19:56:07 -0800 John Oliver <[EMAIL PROTECTED]> wrote:

> On Sat, Nov 22, 2003 at 06:24:38PM -0800, Robert Menschel wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > Hello John,
> > 
> > Saturday, November 22, 2003, 4:24:01 PM, you wrote:
> > 
> > JO> I started using the default setting of 5 in user_prefs.  This caught
> > JO> *very* little spam.  Most of the Swen virus emails, for example,
> > JO> still get through with scores of about 2.something  But marking as
> > JO> spam at 2.5 is already causing too much collateral damage for mailing
> > JO> lists.  I have to be missing something really big and important
> > JO> here... :-)
> > 
> > 1) The Swen virus is not spam. It should be caught by anti-virus
> > software, not by anti-spam software.
> 
> It's email that I don't want.  It has a predictable From: and/or
> Subject: and so should be able to be scored very high.

Spam != "mail I don't want" so SpamAssassin is the wrong tool for
detecting this. Now some people will take the approach that spam ==
"unsolicited bulk email" and since email viruses meet all three
criteria, they're spam too, albeit non-traditional spam. SA defends
against traditional spam (non-malware UBE), leaving tools like ClamAV,
Sophos, Norton, etc. to handle viruses.

Still, SA can detect MS executables which are viruses in the vast
majority of cases, so you can use SA as a weak AV filter if you really want.

As noted before, change

  score MICROSOFT_EXECUTABLE 0.100

to

  score MICROSOFT_EXECUTABLE 10

in either

  ~/.spamassassin/user_prefs

or

  /etc/mail/spamassassin/local.cf

This may have unintended consequences, marking all Windows executable
attachments as spam. Personally, I don't worry much about it because a)
I serve very few users, and b) I unilaterally set policy on my servers,
so I just reject all Microsoft executable attachments at the MTA level
with Postfix. End of MS virus problem.

Rationale: Nobody sends me legitimate executables and on the off chance
they needed to send me one, they can zip the damn thing up first. If
they can't figure out how to do that, then they probably don't have any
business sending me executable code in the first place.

> > Do you have the default network tests turned on?  They are VERY useful in
> > catching spam which otherwise scores very low against the default rule
> > set.
> 
> Apparently not.  It looks to me like something has to be done other than
> install SA to make them go, and I'm working on figuring that out now...
> :-)

What does

  spamassassin -D -t < /path/to/spamassassin/installation/sample-nonspam.txt 2>&1 | egrep -i rbl

give you? I get:

  debug: RBL: success for 41 of 41 queries

> > Do you have Bayes turned on? Bayes is a life saver here.
> 
> I have no idea.  How would I know?

Run

  sa-learn --dump | head

and verify either nspam, nham, or ntokens > 0. You need both nspam and
nham to each be > 200 for Bayes to work; read up on sa-learn for more
info.

hth,

-- Bob
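
The two checks from the message above (the RBL debug line and the sa-learn counters) wrapped into shell helpers, as an added example that is not part of the original post. The function names and sample inputs are constructed, and the "non-token data:" line layout of the dump output is an assumption.

```shell
#!/bin/sh
# Added example. Sample inputs below are constructed, not real output.

# Read `sa-learn --dump` output on stdin; succeed only if nspam and nham both
# reach the minimum (200 in the message; treated as ">=" here, an assumption).
bayes_status() {
    min="${1:-200}"
    awk -v min="$min" '
        /non-token data: nspam$/   { nspam = $3; seen_s = 1 }
        /non-token data: nham$/    { nham  = $3; seen_h = 1 }
        /non-token data: ntokens$/ { ntok  = $3 }
        END {
            if (!seen_s || !seen_h) { print "bayes: no counters found"; exit 1 }
            printf "bayes: nspam=%d nham=%d ntokens=%d -> ", nspam, nham, ntok
            if (nspam >= min && nham >= min) { print "active"; exit 0 }
            print "inactive (need " min " of each)"; exit 1
        }'
}

# Read `spamassassin -D -t` debug output on stdin; succeed only if the
# "RBL: success for X of Y queries" line is present and X > 0.
rbl_status() {
    awk '
        /RBL: success for [0-9]+ of [0-9]+ queries/ {
            for (i = 1; i <= NF; i++)
                if ($i == "for") { ok = $(i + 1); total = $(i + 3) }
            found = 1
        }
        END {
            if (!found) { print "rbl: network tests did not run"; exit 1 }
            print "rbl: " ok "/" total " queries answered"
            exit (ok + 0 > 0 ? 0 : 1)
        }'
}

# Constructed sample inputs so the script runs offline.
SAMPLE_DUMP='0.000          0          3          0  non-token data: bayes db version
0.000          0         57          0  non-token data: nspam
0.000          0        812          0  non-token data: nham
0.000          0      41230          0  non-token data: ntokens'
SAMPLE_DEBUG='debug: RBL: success for 41 of 41 queries'

# Live use: sa-learn --dump | bayes_status
#           spamassassin -D -t < sample-nonspam.txt 2>&1 | rbl_status
printf '%s\n' "$SAMPLE_DUMP"  | bayes_status || :
printf '%s\n' "$SAMPLE_DEBUG" | rbl_status   || :
```
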


_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk